Was there a change in how subnet validation is handled between Foreman
1.9.x and Foreman 1.11.x?
Here's my scenario. We upgraded a DHCP/TFTP Smart Proxy from 1.9.3 to
1.11.1, and started to have trouble saving host records in the Foreman UI.
If you attempted to modify an existing host record, it would not save. No
error was displayed. In the smart proxy logs, we saw the following:
ERROR – : Unable to add subnet 10.230.125.0/255.255.255.0
Upon closer inspection, it appeared an overlapping subnet was causing the
issue. Both 10.230.112.0/20 and 10.230.125.0/24 were present. On rollback
to 1.9.3, the error went away (with both subnets still in place).
The strange thing to me is that Foreman was doing subnet validation in
1.9.3. When I'd attempt to import an overlapping subnet, the validation
would fail and Foreman wouldn't let me do it. So I'm trying to figure out
how this subnet got there in the first place.
Anyone know why Smart Proxy 1.11.1 would complain about this overlapping
subnet, while Foreman 1.9.3 would not? Or how this subnet might have been
imported in the first place?
I've read over the release notes for 1.10 and 1.11, but this is the closest
possibility I could find: Feature #11250: Remove uniqueness check from network address validator in subnet.rb - Foreman
> Was there a change in how subnet validation is handled between Foreman
> 1.9.x and Foreman 1.11.x?
>
> Here's my scenario. We upgraded a DHCP/TFTP Smart Proxy from 1.9.3 to
> 1.11.1, and started to have trouble saving host records in the Foreman
> UI. If you attempted to modify an existing host record, it would not
> save. No error was displayed. In the smart proxy logs, we saw the
> following:
>
> >
> ERROR --:Unableto add subnet 10.230.125.0/255.255.255.0
> >
>
> Upon closer inspection, it appeared an overlapping subnet was causing
> the issue. Both 10.230.112.0/20 and 10.230.125.0/24 were present. On
> rollback to 1.9.3, the error went away (with both subnets still in place).
>
> The strange thing to me is that Foreman was doing subnet validation in
> 1.9.3. When I'd attempt to import an overlapping subnet, the validation
> would fail and Foreman wouldn't let me do it. So I'm trying to figure
> out how this subnet got there in the first place.
>
> Anyone know why Smart Proxy 1.11.1 would complain about this overlapping
> subnet, while Foreman 1.9.3 would not?
1.11.1 contains changes from Refactor #11866: Replace linear searches in various lookups in DHCP module with constant-time lookups. - Smart Proxy - Foreman
which optimises how the smart proxy looks up networks in memory. This
change increased the internal validation of networks and didn't permit
overlapping subnets.
> Or how this subnet might have
> been imported in the first place?
>
> I've read over the release notes for 1.10 and 1.11, but this is the
> closest possibility I could find:
> Feature #11250: Remove uniqueness check from network address validator in subnet.rb - Foreman
This did indeed change Foreman's validation of subnets to permit
multiple overlapping networks, so it's possible your second network was
created in Foreman on 1.10.0 or higher, or perhaps some bug in an older
version (e.g. lack of validation).
···
On 24/05/16 01:15, Kyle Flavin wrote:
–
Dominic Cleal
dominic@cleal.org
